To check whether that is working as expected, you can run Nmap against port 443 (assuming you have an IIS web server installed) or against the RDP port 3389, as mentioned here.

BUT that will start to cause all kinds of connection issues. This how-to walks through some of them and outlines the solutions to fix them. Feel free to comment on this article and I will update it if needed.

RDP & Windows 2008 R2

As RDP uses TLS 1.0 out of the box, you might lock yourself out of the Windows 2008 R2 server if KB 3080079 is missing, as documented by Microsoft here. Once it is installed, this point should be covered.

The GUI and the GPO might still show TLS 1.0; this is a known bug, as mentioned here.

Also make sure you are using Remote Desktop Protocol (RDP) 8.0 (or better, 8.1, as outlined in KB2830477) on your Windows 7 PC, as mentioned here.

https & Internet Explorer 10 / Internet Explorer 11

If you disable TLS 1.0, you might break every HTTPS connection to the websites hosted on the Windows Server 2012 R2 / 2008 R2: no HTTPS website will work when you use Internet Explorer. Solving that one is quite easy, however. Simply enable TLS 1.1 and TLS 1.2 in the browser and you should be fine. Depending on your OS, no action may be needed by default (see below).

3rd party applications which use the SCHANNEL implementation in the Windows OS

Some 3rd party applications (e.g. FTP software) might use the built-in SCHANNEL (aka Secure Channel) implementation in the Microsoft Windows OS. To ensure they can still connect to your Windows Server, you need to enable TLS 1.1 and TLS 1.2 on the Windows OS where the 3rd party application is installed. Enabling TLS 1.1 and TLS 1.2 is quite easy and can be done via the following registry key (as outlined here):

After an OS reboot, TLS 1.1 and TLS 1.2 will be available to clients. Note that Windows Vista does not support TLS 1.1 or TLS 1.2 (as written here).

Microsoft Office running on Windows 7

You might think that enabling TLS 1.1 in the registry as mentioned above would be enough for MS Office; however, that's not the case. Microsoft Office makes use of WinHTTP (Windows HTTP Services), which requires some special settings. So for Windows 7 you need to do some additional tweaks (see here or here):
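
An added example, not part of the original article: a read-only PowerShell audit to run on a client before TLS 1.0 is disabled on the server, reporting the SCHANNEL protocol state and the WinHTTP default protocols discussed above. The key paths and the `DefaultSecureProtocols` flag values follow Microsoft's documented registry layout and are assumptions here, since they do not appear on this page; the function names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Key paths and flag values
# follow Microsoft's documented layout, not the article. Works on PowerShell 2.0+.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$winHttp  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)
# Bit flags of the WinHTTP DefaultSecureProtocols DWORD.
$winHttpFlags = @{ 'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800 }

# Map a registry DWORD to text; a missing value means the OS default applies.
function Format-Dword($value, $whenSet, $whenClear) {
    if ($null -eq $value) { return 'OS default' }
    if ($value -ne 0) { return $whenSet }
    return $whenClear
}

# One row per protocol and role (Client = outbound, Server = inbound connections).
function Get-SchannelProtocolState {
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $v = Get-ItemProperty -Path "$schannel\$proto\$role" -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Protocol          = $proto
                Role              = $role
                Enabled           = (Format-Dword $v.Enabled 'enabled' 'disabled')
                DisabledByDefault = (Format-Dword $v.DisabledByDefault 'yes' 'no')
            } | Select-Object Protocol, Role, Enabled, DisabledByDefault
        }
    }
}

# Decode the WinHTTP default protocol mask for the 64-bit and 32-bit views.
function Get-WinHttpDefaultProtocols {
    foreach ($key in $winHttp) {
        $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DefaultSecureProtocols
        if ($null -eq $v) { $names = 'not set (OS default)' }
        else { $names = ($winHttpFlags.Keys | Where-Object { $v -band $winHttpFlags[$_] } | Sort-Object) -join ', ' }
        New-Object PSObject -Property @{ Key = $key; Protocols = $names } | Select-Object Key, Protocols
    }
}

Get-SchannelProtocolState   | Format-Table -AutoSize
Get-WinHttpDefaultProtocols | Format-Table -AutoSize
```

A client that reports TLS 1.1 and TLS 1.2 as disabled, or as "OS default" on an OS whose default leaves them off, will lose SCHANNEL and WinHTTP connectivity once the server stops accepting TLS 1.0.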

Comments

FWIW, disabling TLS 1.0 on SP 2010 will break the search service. It appears that it doesn't instantly die by doing it, but once it does you will not be able to re-provision a search service application until tls1.0 is re-enabled on both the app server and sql server.